search

PowerShellMafia / PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework
Other
11.68k stars 4.59k forks source link

Get-DomainSearcher : A parameter cannot be found that matches parameter name 'Properties' #341

Open sogewasp opened 4 years ago

sogewasp commented 4 years ago

I'm trying to add a domain user DCSync rights with the command Add-ObjectAcl, but somehow I keep getting errors. I've connected to remote domain (which my machine isn't part of) with the command:

C:\Users\user> runas /net /user:domain.local\username powershell.exe
Enter the password for domain.local\username:
Attempring to start powershell.exe ad user "domain.local\username" ...

Then I followed the examples (help):

PS C:\Users\user> hepl Add-DomainObjectAcl -examples
...
    -------------------------- EXAMPLE 2 --------------------------

    PS C:\>$Harmj0ySid = Get-DomainUser harmj0y | Select-Object -ExpandProperty objectsid

    Get-DomainObjectACL testuser -ResolveGUIDs | Where-Object {$_.securityidentifier -eq $Harmj0ySid}

    [no results returned]

    $SecPassword = ConvertTo-SecureString 'Password123!'-AsPlainText -Force
    $Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
    Add-DomainObjectAcl -TargetIdentity testuser -PrincipalIdentity harmj0y -Rights ResetPassword -Credential $Cred
    -Verbose

But I get this error:

PS C:\Windows\system32>  Get-DomainUser -Domain htb.local username | Select-Object -ExpandProperty  objectsid
...
PS C:\Windows\system32> Get-DomainObjectAcl -Domain domain.local  -ResolveGUIDs username | Where-Object {$_.securityidentifier -eq $DomainUserID}
Get-DomainSearcher : A parameter cannot be found that matches parameter name 'Properties'.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Empire-master\data\module_source\situational
_awareness\network\powerview.ps1:8125 char:40
+         $Searcher = Get-DomainSearcher @SearcherArguments
+                                        ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-DomainSearcher], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-DomainSearcher

Get-DomainSearcher : A parameter cannot be found that matches parameter name 'SearchBase'.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Empire-master\data\module_source\situational_awareness\network\powerview.ps1:5906 char:42
+     $SchemaSearcher = Get-DomainSearcher @SearcherArguments
+                                          ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-DomainSearcher], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-DomainSearcher

Get-DomainSearcher : A parameter cannot be found that matches parameter name 'SearchBase'.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Empire-master\data\module_source\situational
_awareness\network\powerview.ps1:5929 char:42
+     $RightsSearcher = Get-DomainSearcher @SearcherArguments
+                                          ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-DomainSearcher], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-DomainSearcher

Same happens when I type the command: 

PS C:\Windows\system32> Add-ObjectAcl -credential $cred -targetidentity targetuser -PrincipalIdentity principaluser -rights dcsync -PrincipalDomain domain.local -verbose
Get-DomainSearcher : A parameter cannot be found that matches parameter name 'Properties'.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Empire-master\data\module_source\situational
_awareness\network\powerview.ps1:6570 char:46
+         $ObjectSearcher = Get-DomainSearcher @SearcherArguments
+                                              ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-DomainSearcher], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,Get-DomainSearcher

Unable to resolve principal: principaluser
At C:\Users\user\Documents\WindowsPowerShell\Modules\Empire-master\data\module_source\situational
_awareness\network\powerview.ps1:8516 char:13
+             throw "Unable to resolve principal: $PrincipalIdentity"
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (Unable to resol...l: principaluser:String) [], Runti
   meException
    + FullyQualifiedErrorId : Unable to resolve principal: principaluser

Working on Windows 10 virtual machine for what matters...